Ransomware and Phishing Attempts Increase During Pandemic

The COVID-19 pandemic has left people with fears and questions about their health, and cybercriminals are using this fear to spread ransomware on computer systems. The FBI has reported that hackers are using ransomware called Netwalker in phishing emails with themes relating to the pandemic. These themes may include false information about testing, vaccines, and personal protective equipment (PPE). Victims have ranged from individuals to large corporations, and the only way to protect systems from this type of attack is to recognize an attack and have a backup strategy.

Scope of Ransomware Attacks

The Netwalker attacks started in February with an attack on an Australian transportation and logistics company, but the FBI reports that attacks have been on the upswing since June. That month, the University of California San Francisco’s school of medicine was hit with the ransomware and paid over $1 million to have the data decrypted.

The pandemic-themed emails contain a link that, when clicked, delivers a Visual Basic script that encrypts files on the vulnerable system. The FBI states that the attackers were able to gain access by exploiting:

  • Unpatched virtual private network appliances
  • Vulnerable user interfaces in web applications
  • Weak passwords used for remote desktop connections

In addition to encrypting files using a malicious PowerShell script, the ransomware harvests administrator credentials and steals any other valuable data. The stolen information is then uploaded to a file-sharing service that the attackers use.

Hybrid Threat Networks Target PPE

Hybrid threat networks, which are groups of criminals both cyber and otherwise, have found new avenues of attack during the pandemic as well. These groups are organized and adapt to change quickly, which is why they are thriving even in the new COVID-19 state in which we find ourselves. The groups operate at strategic, middle-management, and tactical levels, according to Debra Geister, CEO of Section 2 Financial Intelligence Solutions.

While these attackers usually launder money through restaurants or convenience stores, those sources of revenue are not as available, and they have had to find a new one. Geister said in an interview on bankinfosecurity.com that PPE is being used as currency during this global health crisis because it is in high demand. PPE, along with sanitizers and general online transactions, is more at risk than ever before.

Protecting Your Data and Yourself

When dealing with online attacks such as ransomware, it is important to recognize a fake notification or email subject line that is the gateway into a malicious email message. Security trainer KnowBe4 published a report that outlined the most common phishing email subject lines thus far in 2020. It found that subject lines relating to COVID-19 accounted for 56% of all subject lines analyzed last quarter.

In the top 10 list of general subjects seen in simulated phishing emails last quarter, half of the subject lines dealt with the pandemic:

  • COVID-19 Awareness
  • Coronavirus Stimulus Checks
  • List of Rescheduled Meetings Due to COVID-19
  • Confidential Information on COVID-19
  • COVID-19 – Now airborne, Increased community transmission

People react to these emails immediately because of their feelings of urgency, fear, and stress related to the public health crisis. Instead, individuals and companies need to think about what they are about to click on and ensure it comes from a trusted source. When reviewing an email, confirm with the apparent sender that they did indeed send the message, and notify your IT department if one is available.

SecureData offers many services and products to keep your data secure. Our hardware encrypted SecureDrives are ideal backup solutions for your information. They have built-in antivirus and are impervious to ransomware attacks. So even if your system falls victim to a ransomware incident, your data is safe. We also offer digital forensic services to investigate data breaches and ransomware attacks to find the source of the attack, stop it, and find what data was compromised. Call us at 1-800-388-1266 to learn more.